Mark Cabanero
78e9a51168
Add Trusted Origins to CSRF Handler ( #2301 )
...
Enables the user to add addresses that they expect incoming connections
to come from. Helpful in cases where TLS termination is handled by a
load balancer upstream, rather than the application itself.
2022-09-06 16:20:19 +02:00
Glenn Wilkinson
3863ad31b9
Fixed issue with sorting by login date of users
2022-08-26 23:09:14 +02:00
Glenn Wilkinson
34f7457294
Update README.md
...
Updated installation command
2022-08-25 15:28:54 +02:00
Glenn Wilkinson
32c0502999
Minified missing sending_profile file ( 741201b
)
2022-08-24 18:00:00 +02:00
Glenn Wilkinson
6b61426aab
Bumped version to 0.12.0
2022-08-12 21:31:43 +02:00
Glenn Wilkinson
90cd444dcb
Minified template.js resolving #2545
2022-08-09 15:24:29 +01:00
Glenn Wilkinson
5ef2d75e72
Fixed Account Locked bug, allowing user accounts to be locked
2022-06-11 11:25:56 +01:00
Glenn Wilkinson
6fb77bf3ce
Fixed formatting from Custom Envelope PR #2334
2022-06-05 21:18:32 +01:00
Glenn Wilkinson
d0ff3829e5
Disallow deleting of admin user from the UI ( #2487 )
2022-06-01 17:01:55 +01:00
Glenn Wilkinson
0c255bbe92
Disallow changing of admin username from the UI ( #2487 )
2022-06-01 16:40:04 +01:00
Bálint József Jánvári
b7c69662ce
Embed or attach files based on their file extension ( #1525 )
...
Embed or attach files based on their file extension:
* Set 'Content-Disposition: inline' for images
* Set 'Content-Disposition: attachment' for other files
2022-06-01 17:14:22 +02:00
Jake Walker
704e6d56b3
Fix modal titles saying new when editing existing content ( #2318 )
2022-04-15 16:28:19 +02:00
ptitdoc
bb516ef7ab
986 custom envelope sender remerge ( #2334 )
...
* Adds the ability to specify an envelope sender in templates (#986 )
Authored-by: ChessSpider <ChessSpider@users.noreply.github.com>
Authored-by: Olivier MEDOC <o_medoc@yahoo.fr>
Authored-by: ptitdoc <ptitdoc@free.fr>
2022-03-25 16:24:49 +01:00
dependabot[bot]
e0acb99734
Bump minimist from 1.2.0 to 1.2.5 ( #2401 )
...
Bumps [minimist](https://github.com/substack/minimist ) from 1.2.0 to 1.2.5.
- [Release notes](https://github.com/substack/minimist/releases )
- [Commits](https://github.com/substack/minimist/compare/1.2.0...1.2.5 )
---
updated-dependencies:
- dependency-name: minimist
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-25 13:10:19 +01:00
dependabot[bot]
eb016a437c
Bump copy-props from 2.0.4 to 2.0.5 ( #2399 )
...
Bumps [copy-props](https://github.com/gulpjs/copy-props ) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/gulpjs/copy-props/releases )
- [Changelog](https://github.com/gulpjs/copy-props/blob/master/CHANGELOG.md )
- [Commits](https://github.com/gulpjs/copy-props/compare/2.0.4...2.0.5 )
---
updated-dependencies:
- dependency-name: copy-props
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-17 15:03:51 +01:00
Kirill
67e304f372
Fix open redirect vulnerability on the login page ( #2262 )
2022-02-16 17:26:51 +01:00
dependabot[bot]
e215132bdf
Bump ajv from 6.10.0 to 6.12.6 ( #2395 )
...
Bumps [ajv](https://github.com/ajv-validator/ajv ) from 6.10.0 to 6.12.6.
- [Release notes](https://github.com/ajv-validator/ajv/releases )
- [Commits](https://github.com/ajv-validator/ajv/compare/v6.10.0...v6.12.6 )
---
updated-dependencies:
- dependency-name: ajv
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-16 16:46:30 +01:00
Glenn Wilkinson
741201b7f0
Added JS for Fix sending profile form ( #2389 )
2022-02-16 15:30:38 +00:00
Mark Steward
1f95efcb7b
Fix sending profile form ( #2389 )
...
Credentials no longer suggested in the Search box in 'Sending Profiles'
2022-02-07 17:12:55 +01:00
Glenn Wilkinson
a6627dfc6b
Added support for templating attachments ( #1936 )
...
The following attachment types support template variables: docx, docm, pptx, xlsx, xlsm, txt, html, ics.
2022-02-02 15:41:27 +01:00
Bilal Retiat
0646f14c99
Updated the Ansible Playbook ( #2138 )
...
* Update Ansible role
* lint Ansible role
* Update Ansible Playbook README
* use python3 packages instead python2
2021-12-23 19:13:43 +01:00
Glenn Wilkinson
ceab0509eb
Merge pull request #2296 from gophish/dependabot/npm_and_yarn/tar-4.4.19
...
Bump tar from 4.4.8 to 4.4.19
2021-12-18 09:49:34 +01:00
Glenn Wilkinson
202ecd3397
Merge pull request #2277 from gophish/dependabot/npm_and_yarn/path-parse-1.0.7
...
Bump path-parse from 1.0.6 to 1.0.7
2021-12-18 09:49:20 +01:00
Glenn Wilkinson
4b106b3fe2
Merge pull request #2211 from gophish/dependabot/npm_and_yarn/browserslist-4.16.6
...
Bump browserslist from 4.6.1 to 4.16.6
2021-12-18 09:49:11 +01:00
Glenn Wilkinson
1d18ea7e01
Merge pull request #2196 from gophish/dependabot/npm_and_yarn/hosted-git-info-2.8.9
...
Bump hosted-git-info from 2.7.1 to 2.8.9
2021-12-18 09:48:50 +01:00
Glenn Wilkinson
b3f0bad5ce
Merge pull request #2195 from gophish/dependabot/npm_and_yarn/lodash-4.17.21
...
Bump lodash from 4.17.19 to 4.17.21
2021-12-18 09:48:41 +01:00
Glenn Wilkinson
12ecfd84cc
Merge pull request #2182 from gophish/dependabot/npm_and_yarn/ssri-6.0.2
...
Bump ssri from 6.0.1 to 6.0.2
2021-12-18 09:48:33 +01:00
Glenn Wilkinson
4814620cdc
Merge pull request #2157 from gophish/dependabot/npm_and_yarn/y18n-3.2.2
...
Bump y18n from 3.2.1 to 3.2.2
2021-12-18 09:48:00 +01:00
dependabot[bot]
003d143641
Bump tar from 4.4.8 to 4.4.19
...
Bumps [tar](https://github.com/npm/node-tar ) from 4.4.8 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases )
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-tar/compare/v4.4.8...v4.4.19 )
---
updated-dependencies:
- dependency-name: tar
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-09-01 04:00:10 +00:00
dependabot[bot]
f89c85f558
Bump path-parse from 1.0.6 to 1.0.7
...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse ) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases )
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7 )
---
updated-dependencies:
- dependency-name: path-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-10 23:42:11 +00:00
dependabot[bot]
5aa3a858cb
Bump browserslist from 4.6.1 to 4.16.6
...
Bumps [browserslist](https://github.com/browserslist/browserslist ) from 4.6.1 to 4.16.6.
- [Release notes](https://github.com/browserslist/browserslist/releases )
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md )
- [Commits](https://github.com/browserslist/browserslist/compare/4.6.1...4.16.6 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-25 07:33:27 +00:00
dependabot[bot]
82fd6adf68
Bump hosted-git-info from 2.7.1 to 2.8.9
...
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info ) from 2.7.1 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases )
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md )
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.7.1...v2.8.9 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-10 07:08:01 +00:00
dependabot[bot]
5fc6ba6bef
Bump lodash from 4.17.19 to 4.17.21
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-08 15:03:26 +00:00
dependabot[bot]
a5b3b134ba
Bump ssri from 6.0.1 to 6.0.2
...
Bumps [ssri](https://github.com/npm/ssri ) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases )
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md )
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-29 18:52:25 +00:00
dependabot[bot]
f722065018
Bump y18n from 3.2.1 to 3.2.2
...
Bumps [y18n](https://github.com/yargs/y18n ) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/yargs/y18n/releases )
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md )
- [Commits](https://github.com/yargs/y18n/commits )
Signed-off-by: dependabot[bot] <support@github.com>
2021-03-30 15:39:51 +00:00
dependabot[bot]
db63ee978d
Bump yargs-parser from 5.0.0 to 5.0.1 ( #2151 )
2021-03-28 15:40:31 -05:00
dependabot[bot]
96d1a55558
Bump elliptic from 6.5.3 to 6.5.4 ( #2140 )
2021-03-28 15:38:41 -05:00
Glenn Wilkinson
54d9eb28ff
Merge pull request #2105 from gophish/fix-cors-headers
...
Add PUT and DELETE methods for CORS handling.
2021-03-06 17:40:42 +00:00
Shubhendra Singh Chauhan
15303e32cf
Fix code quality issues ( #2118 )
2021-02-24 17:34:38 -06:00
Jordan Wright
166ff8a050
Add PUT and DELETE methods for CORS handling. Fixes #2098
2021-01-24 14:01:40 -06:00
ssssdl
e6533e9993
Update Dockerfile ( #2095 )
...
Updates the Go version used by the Dockerfile
2021-01-24 13:44:10 -06:00
dependabot[bot]
9f5368aa13
Bump ini from 1.3.5 to 1.3.7 ( #2067 )
...
Bumps [ini](https://github.com/isaacs/ini ) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases )
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-11 07:24:28 -06:00
Glenn Wilkinson
ced5261678
Added functionality to lock accounts (+bug fix) ( #2060 )
...
* Added functionality to lock accounts
* Fixed typo and added test case for locked account
2020-12-07 08:56:05 -06:00
Jordan Wright
8b8e88b077
Adjusting how we handle IP address parsing to more gracefully handle X-Forwarded-For headers. Ref #1999
2020-10-14 20:35:32 -05:00
Jordan Wright
120e232cfe
Removing accidental dependencies to revert to 3c490dbadb
2020-10-11 17:49:37 -05:00
Jordan Wright
23154126de
Made error handling in the case of a client IP without a port more graceful, so that the ratelimiter doesn't return an error if X-Forwarded-For or X-Real-IP is set.
2020-10-11 17:18:33 -05:00
Jordan Wright
af3122f93b
Adds support for X-Forwarded-For and X-Real-IP headers so that the correct IP address shows up in the logs.
...
Fixes #1999
2020-10-11 13:59:42 -05:00
Jordan Wright
3c490dbadb
Updated JS from #1976
2020-09-30 22:00:15 -05:00
Glenn Wilkinson
b53cff0c98
Added functionality to display last user login ( #1967 )
...
Added functionality to display last login time for each user in the User Management page.
2020-09-30 21:06:08 -05:00
Jordan Wright
c1d3c7cd75
Modified frontend reporting logic to be more flexible with campaigns that include a path in their URL.
...
Fixes #1985
2020-09-23 21:15:19 -05:00